Educause Security Discussion mailing list archives
Re: Are users right in rejecting security advice?
From: Steven Alexander <alexander.s () MCCD EDU>
Date: Wed, 17 Mar 2010 14:34:11 -0700
People ignore policies every day for a variety of reasons. In an ideal world, they shouldn't. But in the very imperfect world we live in, they will violate them, rightfully or not. If we want to ensure compliance, we need to better understand why people violate policies. That's not to say that some violations aren't actionable, some are. But, we need to make sure that employees know the policies, understand them, and aren't too inhibited from doing their work by adhering to them. We don't hire people to follow policies, we hire them to teach, counsel students, write grant applications, etc. The employees we hire are judged based on how well they perform the jobs they were hired for, not how well they follow policy. In most cases, the only time any employee is judged on his or her policy compliance is when he or she is disciplined. We can't expect people to force themselves into blind compliance when their only real incentive is not to do something that will get them in trouble. Steven Alexander Jr. Online Education Systems Manager Merced College From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of John Nunnally Sent: Wednesday, March 17, 2010 1:23 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Are users right in rejecting security advice? Exactly, Eric! Students are one thing, but faculty and staff are EMPLOYEES. They are no more "right" to ignore security recommendations, than they are to ignore any other corporate policies. Are they "right" to ignore personnel policies or parking regulations because they don't see any reason for them? I think the point is that we will see better results from our efforts by making policies that make sense and are easy for end users to buy into. But regardless of what those policies might be, employees are should comply or appeal, not ignore. John N. <snip> This email has been scanned by a Spam/Virus Firewall. If your email has been classifed as Spam please contact the HelpDesk at (209) 384-6180.
Current thread:
- Re: Are users right in rejecting security advice?, (continued)
- Re: Are users right in rejecting security advice? Jansen, Morgan R. (Mar 17)
- Re: Are users right in rejecting security advice? Dick Jacobson (Mar 17)
- Re: Are users right in rejecting security advice? John Nunnally (Mar 17)
- Re: Are users right in rejecting security advice? Eric Case (Mar 17)
- Re: Are users right in rejecting security advice? Patrick Ouellette (Mar 17)
- Re: Are users right in rejecting security advice? Roger Safian (Mar 17)
- Re: Are users right in rejecting security advice? Michael Sinatra (Mar 17)
- Re: Are users right in rejecting security advice? Ken Connelly (Mar 17)
- Re: Are users right in rejecting security advice? Michael Sinatra (Mar 17)
- Re: Are users right in rejecting security advice? Eric Case (Mar 17)
- Re: Are users right in rejecting security advice? Steven Alexander (Mar 17)
- Re: Are users right in rejecting security advice? Justin Azoff (Mar 17)
- Re: Are users right in rejecting security advice? Michael Sinatra (Mar 17)
- Re: Are users right in rejecting security advice? Eric Case (Mar 17)
- Re: Are users right in rejecting security advice? Eric Case (Mar 17)
- Re: Are users right in rejecting security advice? Dennis Meharchand (Mar 17)
- Re: Are users right in rejecting security advice? Jansen, Morgan R. (Mar 17)
- Re: Are users right in rejecting security advice? Katie Weaver (Mar 18)
- Re: Are users right in rejecting security advice? Kevin Wilcox (Mar 18)
- Re: Are users right in rejecting security advice? Kevin Wilcox (Mar 18)
- Re: Are users right in rejecting security advice? John Ladwig (Mar 18)
(Thread continues...)